Google Cloud Platform Integration

This guide provides step-by-step instructions on integrating Google Cloud Platform (GCP) as an identity provider for your Project.

Prerequisites

  • A Google Cloud Platform account with access to the Google Cloud Console. If you don't have one, you can sign up at Google Cloud.

Steps to Integrate Google Cloud Platform

  1. Register a New Application in Google Cloud Console

    • Log in to the Google Cloud Console.
    • Navigate to "Google Auth Platform" > "Clients".
    • Click "Create client".
    • Choose Web application as the application type and click "Next".
    • Provide a name and click "Create".
  2. Copy Configuration Information

    Once the client is created, copy the "Client ID" and "Client Secret". Copy the following endpoints for use later:

    • authorize_endpoint: https://accounts.google.com/o/oauth2/auth
    • token_endpoint: https://oauth2.googleapis.com/token
    • jwks_uri: https://www.googleapis.com/oauth2/v3/certs
  3. Create IdentityProvider Resource in Haste Health

    • Go to the Haste Health Admin App for your tenant.
    • Navigate to the system project.
    • Click Identity Provider
    • Click New
    • Provide the following details:
      • Name: A friendly name for the identity provider (e.g., GCP).
      • Status: Set to active.
      • Access Type: Set to oidc.
      • Authorization_endpoint: The OAuth 2.0 authorization endpoint copied from step 2.
      • Token_endpoint: The OAuth 2.0 token endpoint copied from step 2.
      • Jwks_uri: The JSON Web Key Set URL copied from step 2.
      • Scopes: Specify the scopes required for your application (e.g., openid profile email). Note that openid is required to verify the user.
      • Client ID: The Application (client) ID copied from GCP.
      • Client Secret: Copied from GCP in step 2.
      • Enable PKCE: GCP supports PKCE for public clients by default. Enable this option for enhanced security, and use S256 as the code challenge method.
      • Click Create to save the new Identity Provider configuration.
      • Copy the id of the created Identity Provider for use in the next step.
  4. Add Redirect URI in GCP

    • Go back to your GCP client you created in step 2.
    • At the bottom, in the "Authorized redirect URIs" section, add a new redirect URI for your Haste Health tenant: https://[haste-health-host]/w/[my-tenant]/system/api/v1/oidc/federated/[idp-resource-id]/callback
  5. Test the Integration

    • Click Projects in the system admin app and modify the identity providers at the bottom.
    • Add the GCP identity provider to the desired project.
    • Click the project and log out.
    • At the login screen click the GCP button.
    • Confirm that you are redirected to GCP and log in.
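
What the "Enable PKCE" option with S256 from step 3 means on the wire, as an added example that is not Haste Health's own code: the relying party keeps a random code verifier, sends only its SHA-256 challenge to the authorize endpoint from step 2, and the verifier is checked against that challenge when the code is redeemed (RFC 7636). The client ID, callback host and function names are placeholders assumed for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

AUTHORIZE_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"  # from step 2


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """32 random bytes give a 43-character verifier (RFC 7636 allows 43-128)."""
    return b64url(secrets.token_bytes(32))


def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorization_url(client_id, redirect_uri, scopes, state, verifier) -> str:
    """Build the authorization request; the verifier itself is never sent here."""
    if "openid" not in scopes.split():
        raise ValueError("the openid scope is required to verify the user")
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scopes,
        "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def verifier_matches(verifier: str, challenge: str) -> bool:
    """The comparison made when the authorization code is redeemed."""
    return hmac.compare_digest(s256_challenge(verifier), challenge)


if __name__ == "__main__":  # constructed placeholder values
    url = authorization_url("CLIENT_ID", "https://haste.example/callback",
                            "openid profile email", secrets.token_urlsafe(16), new_code_verifier())
    print(url)
```

An authorization code intercepted on the redirect is useless without the verifier, which is why S256 is preferred over the plain method.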